Aggregator

A vulnerability was found in Mozilla Firefox, Firefox ESR and Thunderbird. It has been declared as problematic. This vulnerability affects unknown code of the component Entity Parser. The manipulation leads to cross site scripting. This vulnerability was named CVE-2019-11763. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.2.2 and classified as critical. Affected by this issue is the function ath6kl_wmi_pstream_timeout_event_rx/ath6kl_wmi_cac_event_rx of the file drivers/net/wireless/ath/ath6kl/wmi.c. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2019-15926. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle MySQL Server up to 8.0.28 and classified as critical. This vulnerability affects unknown code of the component Data Dictionary. The manipulation leads to denial of service. This vulnerability was named CVE-2022-21605. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Linux Kernel up to 5.4.168/5.10.88/5.15.11 and classified as critical. This issue affects the function __free_pages of the component optee. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2021-47087. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

Your step-by-step guide to building defenders with confidence, clarity, and hands-on SOC Analyst training from day one.

国际AI芯片安全风险触发中国监管审查

Эпоха «наивных» читеров закончилась, а теневой рынок превратился в бизнес.

A vulnerability classified as problematic was found in Red Hat Linux. This vulnerability affects unknown code of the component L2CAP Packet Handler. The manipulation leads to type confusion. This vulnerability was named CVE-2020-25661. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 122. This issue affects the function fetch of the component API. The manipulation leads to insufficient verification of data authenticity. The identification of this vulnerability is CVE-2024-1554. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Microsoft Windows. Affected is an unknown function of the component Local Security Authority. The manipulation leads to time-of-check time-of-use. This vulnerability is traded as CVE-2025-21191. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

ESET 研究人员近期发现的WinRAR零日漏洞CVE-2025-8088引发业界高度关注，且已被RomCom等多个组织用于攻击，本报告将深入剖析漏洞原理、攻击链、攻击者背景及相关攻击技术，并对相关攻击组织及WinRAR其他漏洞进行扩展分析

A vulnerability was found in Microsoft Windows Server 2012 R2/Server 2016/Server 2019/Server 2022/Server 2025. It has been rated as critical. This issue affects some unknown processing of the component Standards-Based Storage Management Service. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2025-21174. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Cisco IOS 12.2 on Aironet. Affected is an unknown function of the component Web Server. The manipulation leads to denial of service. This vulnerability is traded as CVE-2003-0511. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Cisco Aironet Wireless Access AP1x00. Affected by this issue is some unknown functionality of the component HTTP GET Handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2003-0511. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Cisco IOS up to 12.2. This affects an unknown part of the component Account Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2003-0512. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Researchers at cybersecurity firm Profero cracked DarkBit ransomware encryption, allowing victims to recover files for free. Good news for the victims of the DarkBit ransomware, researchers at cybersecurity firm Profero cracked the encryption process, allowing victims to recover files for free without paying the ransom. However, at this time, the company has yet to release […]

Nisos
Executive PII Exposure: Why You Need Ongoing Monitoring

Exposed personal data is fueling executive impersonation, fraud, and social engineering. Here's what enterprise leaders need to know...

The post Executive PII Exposure: Why You Need Ongoing Monitoring appeared first on Nisos by Nisos

The post Executive PII Exposure: Why You Need Ongoing Monitoring appeared first on Security Boulevard.

Digital natives are comfortable with technology, but may be more exposed to online scams and other threats than they think

Threat actors have stolen data on at least half a million cancer screening patients